Security Backdoors are Bad News—But Some Lawmakers Are Taking Action to Close Them

As many privacy advocates have pointed out recently, it looks like some people in the federal government are intent on reviving the failed Crypto Wars of the 90s. And despite recent assurances, the National Institute of Standards and Technology (NIST) still hasn’t done enough to address NSA’s involvement in the creation of encryption standards. Fortunately, some lawmakers are taking security seriously.

You may remember that back in June, the House of Representatives voted overwhelmingly (293-123) to approve the Massie-Lofgren amendment to the 2015 Department of Defense Appropriations bill, which would have defunded the NSA’s attempts to build security backdoors into products and services. Although the amendment may have been stripped from the final appropriations bill, all’s not lost. On Thursday, Senator Ron Wyden introduced some of the same language from the amendment as the Secure Data Act of 2014.

The Secure Data Act starts to address the problem of backdoors by prohibiting any agency from “mandate[ing] that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.” Representative Lofgren has introduced a companion bill in the House, co-sponsored by 4 Republicans and 5 Democrats.

The legislation isn’t comprehensive, of course. As some have pointed out, it only prohibits agencies from requiring a company to build a backdoor. The NSA can still do its best to convince companies to do so voluntarily. And sometimes, the NSA’s “best convincing” is a $10 million contract with a security firm like RSA.

The legislation also doesn’t change the Communications Assistance for Law Enforcement Act (CALEA). CALEA, passed in 1994, is a law that forced telephone companies to redesign their network architectures to make it easier for law enforcement to wiretap telephone calls. In 2006, the D.C. Circuit upheld the FCC's reinterpretation of CALEA to also include facilities-based broadband Internet access and VoIP service, although it doesn't apply to cell phone manufacturers.

That being said, this legislation is a good thing. First and foremost, it’s important to remind the incoming (and overwhelmingly Republican) Congress that NSA spying isn’t a partisan issue. The bipartisan Massie-Lofgren amendment garnered votes from Republicans, Democrats, and Independents. And as with the Massie-Lofgren amendment, Democrats and Republicans are already supporting this legislation. While it’s not likely that Congress will touch the Secure Data Act this term, by introducing this legislation Senator Wyden and Representative Lofgren have made it clear that they will continue to push for privacy, civil liberties—and strong security.
